From 6a45c047701feab00f531853984fe5426420679a Mon Sep 17 00:00:00 2001
From: Leonid Pershin <lpershin@syntellect.ru>
Date: Wed, 22 Oct 2025 03:50:49 +0300
Subject: [PATCH] fix security hotspots exclusion

---
 .gitea/workflows/build.yml | 3 ++-
 .sonarqube/exclusions.txt  | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 76c38bc..b5cfb61 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -45,7 +45,8 @@ jobs:
             /d:sonar.coverage.exclusions="**/Migrations/**/*.cs,**/*ModelSnapshot.cs,**/Migrations/*.cs,**/Program.cs" \
             /d:sonar.exclusions="**/Migrations/**/*.cs,**/obj/**,**/bin/**,**/TestResults/**" \
             /d:sonar.cpd.exclusions="**/Migrations/**/*.cs" \
-            /d:sonar.test.inclusions="**/*Tests.cs,**/ChatBot.Tests/**/*.cs"
+            /d:sonar.test.inclusions="**/*Tests.cs,**/ChatBot.Tests/**/*.cs" \
+            /d:sonar.security.hotspots.excluded="**/Models/Configuration/**/*.cs"
           echo "Building project..."
           dotnet build --verbosity normal --no-incremental
           echo "Running tests with coverage..."
diff --git a/.sonarqube/exclusions.txt b/.sonarqube/exclusions.txt
index 90438eb..30dd58a 100644
--- a/.sonarqube/exclusions.txt
+++ b/.sonarqube/exclusions.txt
@@ -12,6 +12,9 @@
 **/bin/**
 **/TestResults/**
 
+## Security Hotspots Exclusions (sonar.security.hotspots.excluded)
+**/Models/Configuration/**/*.cs
+
 ## Source and Test Directories
 Sources: ChatBot/
 Tests: ChatBot.Tests/
@@ -21,3 +24,4 @@ Tests: ChatBot.Tests/
 - ModelSnapshot: Auto-generated EF Core snapshot
 - obj/bin: Build artifacts
 - TestResults: Test execution results
+- Configuration Models: Safe usage of environment variables for secrets (BotToken, ConnectionString)